1. Field of the Invention
The present invention relates to an information providing device, method and computer program product which provide the user, in an integrated manner, with user information items which are managed by separate providers independently. Moreover, the present invention relates to a user authentication device, method and computer program product which carry out user authentication in association with a plurality of authentication units.
2. Description of the Related Art
Generally, the application programs of an information system are provided with the authentication function for the user, in order to prevent unauthorized access to the information system.
A typical example of the method of realizing the authentication function is a password system which requires the input of the user ID and the password at the time of starting of the application program.
The use of the application program is permitted only to the user who has inputted the user ID and the password correctly, and subsequently the user will be able to make use of various functions which are provided by the application program.
However, the danger of unauthorized access to the information system still remains if the user of the application program pertaining to all the services which are provided by the application program is permitted with the justification of the user being checked only at the time of starting of the application program.
For example, the user sometimes leaves his seat while the application program is in operation. In this case, there is the possibility that an illegal user makes use of the services of the application program in place of the original user.
A conceivable method to overcome the problem is that the authentication of the user is performed again when having access to the confidential information which is managed by the in-house information system. By this method, the security to the confidential information can be raised.
In this case, a more advanced level of security can be obtained if a first authentication engine (for example, the password authentication system) is used at the time of starting of the application program and a second authentication engine (for example, the fingerprint authentication system) is used at the time of having access to the confidential information, rather than using the same authentication engine for both the time of starting of the application program and the time of having access to the confidential information.
However, when using a plurality of authentication engines, it is meaningless that the authentication engines are provided for the user independently of each other. This is because there is no guarantee that the user approved in the first authentication engine and the user approved in the second authentication engine are the same person.
Therefore, the implementation of the functions of associating the plurality of authentication engines with each other is needed for the application program. However, the implementation of such functions for each application program will cause the man-hours of the development of each application program to increase unnecessarily.
By the way, the directory service is known as a system which manages the resources on the network and provides the retrieval unit of the network resources. The directory service has the close relation to the authentication function, and there is an authentication engine in which the functions of the directory service and the user authentication are implemented.
Therefore, it is very expedient if each directory service can also be linked with the user authentication when constructing the user authentication system which carries out the user authentication in association with the plurality of authentication functions.